-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 An option I saw years ago (I forgot on whose equipment) was a default password which was a function of the equipment's serial number. So you had to have the algorithm and you needed the serial number which was not related to the MAC. So if you didn't have physical access, you were not in a good position to learn the password. I suspect this was a support nightmare for the vendor and I bet they went to a more standard (read: the same) factory password. At the end of the day, minimizing support costs for the vendor (not to mention likely annoyance for the customer) trumps providing "default" security for the folks who won't change the default password. -Jeff Matthew Palmer wrote:
On Wed, Jan 06, 2010 at 08:26:25AM +0000, Dobbins, Roland wrote:
Does anyone know the default passwords for World Wide Packets 427 and 311v switches? One should think the fact that there are default passwords at all should be a cause for alarm, in and of itself.
As much as they're a definite security risk, I can't imagine what other option there is. The closest I can come to a solution is to set a random password and flash it using a front-panel LED using morse. <grin>
- Matt
- -- ======================================================================== Jeffrey I. Schiller MIT Network Manager/Security Architect PCI Compliance Officer Information Services and Technology Massachusetts Institute of Technology 77 Massachusetts Avenue Room W92-190 Cambridge, MA 02139-4307 617.253.0161 - Voice jis@mit.edu http://jis.qyv.name ======================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFLRRuk8CBzV/QUlSsRAuEEAJ4vFWYnMqK3AP1q9y46HzIIMeasoQCfSAkb CobOYgNelNkZL2ePmd6jwpM= =zBKR -----END PGP SIGNATURE-----